CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в tomcat9

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26, or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers by setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat would not reject requests containing an invalid Content-Length header. This...

7.5CVSS6.8AI score0.0029EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в jruby

A vulnerability was discovered in Ruby versions 2.5.8, 2.6.x up to 2.6.6, and 2.7.x up to 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, did not rigorously check the transfer-encoding header value. An attacker could potentially exploit this vulnerability to bypass a reverse proxy which...

7.5CVSS6.7AI score0.00275EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в tomcat9

Apache Tomcat versions 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46, and 8.5.0 to 8.5.66 failed to properly parse the HTTP transfer-encoding request header under certain circumstances, which could lead to requests for data smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly...

5.3CVSS6.9AI score0.01865EPSS

Exploits1References1

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в tomcat9

There is an improper input validation vulnerability in Apache Tomcat. In versions of Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81, and from 8.5.0 through 8.5.93, the HTTP trailer headers were not parsed correctly. A specially crafted,...

5.3CVSS6.6AI score0.62079EPSS

Exploits2References2

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в puma

Puma is an HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted; it did not prevent new connections from being blocked by greedy persistent-connections that saturated all threads ...

7.5CVSS6.2AI score0.01358EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: x86-android-tablets: Devices are unregistered in reverse order. Not all subsystems support the removal of a device when there are still consumers referencing that device. An example of this is the regulator subsyste...

5.5CVSS5.8AI score0.00018EPSS

OSV•added 2026/05/20 2:16 a.m.•0 views

ALPINE-CVE-2026-43617

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

4.8CVSS5.8AI score0.00014EPSS

OSV•added 2026/05/20 2:16 a.m.•2 views

DEBIAN-CVE-2026-43617

4.8CVSS5.8AI score0.00014EPSS

NVD•added 2026/05/20 2:16 a.m.•8 views

CVE-2026-43617

6.3CVSS0.00014EPSS

Debian CVE•added 2026/05/20 12:52 a.m.•6 views

CVE-2026-43617

AlpineLinux•added 2026/05/20 12:52 a.m.•7 views

Exploits0

CVE-2026-43617

CVE•added 2026/05/20 12:52 a.m.•15 views

CVE-2026-43617

CVE-2026-43617 affects rsync

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/20 12:52 a.m.•2 views

CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution

Cvelist•added 2026/05/20 12:52 a.m.•37 views

CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution

6.3CVSS0.00014EPSS

Tenable Nessus•added 2026/05/20 12:0 a.m.•5 views

Fedora 44 : proftpd (2026-871243b391)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-871243b391 advisory. This update contains an updated modwrap2sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed...

8.1CVSS5.9AI score0.00038EPSS

Tenable Nessus•added 2026/05/20 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-43617

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured...

OSV•added 2026/05/20 12:0 a.m.•1 views

UBUNTU-CVE-2026-43617

Positive Technologies•added 2026/05/20 12:0 a.m.•6 views

Exploits0References5

PT-2026-42051

Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description An authorization bypass exists in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR...

8.1CVSS5.8AI score0.00056EPSS

Exploits0References32

Tenable Nessus•added 2026/05/20 12:0 a.m.•3 views

Fedora 43 : proftpd (2026-4ddb108952)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4ddb108952 advisory. This update contains an updated modwrap2sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed...

8.1CVSS5.9AI score0.00038EPSS